@@ -1168,15 +1168,30 @@ <h3>Content Distribution Networks</h3>
11681168 < h3 > Decoy Values</ h3 >
11691169
11701170 < p >
1171- The use of decoy values in status lists by < a > issuers</ a > can, when used
1172- properly, increase the privacy of < a > subjects</ a > by further hiding the size of
1173- the group associated with a status list as well as when values in the list
1174- change. It is also possible to use too many decoys, thus reducing the group
1175- privacy size by the number of decoys added to a group. The proper number of
1176- decoys to use is a function of the desired group privacy size, the randomness
1177- of the distribution of entries in the set, and ensuring that entities watching
1178- the list cannot determine which entries are real and which ones are decoys as
1179- they change throughout time.
1171+ The use of decoy values in status lists by < a > issuers</ a > has been explored as
1172+ a mechanism to increase the privacy of < a > subjects</ a > by further hiding the
1173+ size of the group associated with a status list as well as when values in the
1174+ list change. While algorithms for employing decoy values are out of scope for
1175+ this specification, implementers are advised to heed the guidance in this
1176+ section when considering the use of decoy values.
1177+ </ p >
1178+ < p >
1179+ Decoys might help privacy in some cases, but harm privacy in others. For
1180+ example, if status list entry indexes are allocated in a purely random fashion,
1181+ adding decoys harms privacy because it reduces the group privacy size by the
1182+ number of decoys added to the group. A purely random allocation of indexes
1183+ ensures that decoys are not necessary unless a bulk operation, such as setting
1184+ every credential issued in a list to the same status (such as "revoked"),
1185+ would reveal the true size of the group.
1186+ </ p >
1187+ < p >
1188+ If decoys are used, the proper number of decoys to use is a function that
1189+ includes at least the desired group privacy size, the randomness of the
1190+ distribution of entries in the set, and ensuring that entities watching the list
1191+ cannot determine which entries are real and which ones are decoys as they change
1192+ throughout time. These variables often change based on the use case and
1193+ implementers are encouraged to carefully evaluate whether using decoys would
1194+ help or harm privacy for their particular scenario.
11801195 </ p >
11811196 < p >
11821197When employing decoy values, it is important to ensure that the decoys
@@ -1185,10 +1200,14 @@ <h3>Decoy Values</h3>
11851200is not how the rest of the revocation values associated with real entries
11861201behave. Similarly, changing the decoy values at times and numbers that do not
11871202align with the way real entries behave can enable statistical analysis to
1188- separate the real entries from the decoy entries. While algorithms for employing
1189- decoy values are out of scope for this specification, the usage of decoy values
1190- can be an important part of an < a > issuer's</ a > privacy protections for their
1191- < a > subjects</ a > .
1203+ separate the real entries from the decoy entries.
1204+ </ p >
1205+ < p >
1206+ In general, the use of decoys is discouraged as, more often than not,
1207+ random allocation of status list entry indexes provides adequate protection
1208+ for most use cases. If bulk operations can be performed on a status list
1209+ that would reveal the group size, only then might an implementer consider the
1210+ use of decoys.
11921211 </ p >
11931212 </ section >
11941213
0 commit comments